What Communications Companies Need to Know Before Q-Day

October 3, 2024 at 09:23AM NIST has finalized the first three algorithms for post-quantum cryptography, providing crucial defense against potential quantum threats. Transitioning to a quantum-safe infrastructure presents challenges, requiring a combination of engineering efforts and proactive evaluation. The industry is gradually integrating post-quantum algorithms, preparing for the eventual shift to quantum-safe encryption methods. Various …

Cybercriminals Tap Greasy Opal to Create 750M Fake Microsoft Accounts

August 26, 2024 at 03:45PM Greasy Opal, a tool used for cyberattacks, facilitates volumetric bot attacks, particularly targeting CAPTCHA systems. A threat actor group orchestrated an attack resulting in 750 million fake Microsoft accounts. Microsoft seized control of the domains. Greasy Opal leverages advanced technology to bypass defenses, posing a challenge to traditional security measures. …

Is the US Federal Government Increasing Cyber-Risk Through Monoculture?

August 2, 2024 at 12:37PM The US State and Local Cybersecurity Grant Program (SLCGP) aims to enhance cybersecurity for public entities. However, by promoting monoculture through standardizing on a single cybersecurity vendor, it may create a perfect storm for major cyber incidents, risking widespread disruption. Instead, promoting diverse layers of defense architecture is crucial to …

CISA broke into a US federal agency, and no one noticed for a full 5 months

July 12, 2024 at 02:10PM CISA’s SILENTSHIELD exercise detected major security lapses at a federal agency in 2023. A red team exploited an Oracle Solaris vulnerability, leading to a full compromise. Despite timely alerts, the patch was delayed, and the agency ignored crucial investigation procedures. CISA’s report revealed poor network safeguards and a lack of …

CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth

July 11, 2024 at 10:36AM The Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch organization in early 2023. The red team mimicked the techniques, tradecraft, and behaviors of sophisticated threat actors to assess the organization’s security posture. The assessment revealed findings related to initial access, …

10 Ways a Digital Shield Protects Apps and APIs

May 17, 2024 at 03:02PM As network architectures evolved to hybrid and multicloud environments, protecting apps and APIs became more complex. To address this, a digital shield is proposed, consisting of essential elements such as standardized communication, uniform policy, proper visibility, reliable alerting, response capability, good governance, central controls, vendor agnosticism, defense-in-depth, and simplified operations. …

Security is hard because it has to be right all the time? Yeah, like everything else

February 25, 2024 at 11:13AM The text describes the importance and complexity of integrating security into system designs, emphasizing the need to prioritize security throughout the entire process. It also discusses the challenges and unique aspects of security, emphasizing the importance of understanding requirements, assumptions, and mechanisms, and decomposing the system into elemental components to …

Rise of deepfake threats means biometric security measures won’t be enough

February 1, 2024 at 01:53PM Gartner predicts that cyber attacks using AI-generated deepfakes will cause doubt in the effectiveness of facial biometrics for identity verification. Deepfakes pose a challenge for security systems that rely on facial recognition and liveness detection, requiring additional layers of security. This could include verifying device information and using AI to …